Senior Healthcare Cybersecurity

Our client is a global leader in eye care, specializing in the development, manufacturing, and marketing of innovative products for vision correction and surgical treatments.

Job Responsibilities:

At our client, the cybersecurity team plays a crucial role in protecting sensitive patient and customer data, as well as safeguarding the company’s intellectual property, including proprietary medical technologies. They implement and maintain robust security measures to prevent data breaches, cyberattacks, and vulnerabilities across both product development and operational environments. Additionally, the team ensures compliance with industry standards and regulations related to healthcare data protection, such as HIPAA, securing the company’s digital infrastructure and maintaining resilience against evolving cyber threats.

• Design, implement and govern security solutions architectures for robust healthcare software solutions: cloud platforms, user applications, medical devices and IoMT solutions.
• Support and coordinate security assessments, risk analysis, and threat modeling to identify vulnerabilities and develop proactive mitigation strategies.
• Collaborate with engineering and development teams to integrate security into system designs, software development, and cloud infrastructure by following security-by-design best practices.
• Train delivery staff on risk assessment, threat modeling, security best practices (pre & post market requirements), testing requirements, security monitoring. regulatory requirements, etc.
• Support the definition and enforcement of security policies, standards, best practices and cyber security architecture frameworks across the organization.
• Participate in industry working groups, technical advisory groups in order to monitor the evolving threat landscape, trend development & promote GL Thought Leadership.
• Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, HIPAA, ISO 27001, NIST, IEC 62443, UL 2900-2-1).

Job Description

Mandatory requirements:

• Minimum of 5 years of product security experience in the medical device industry either directly for a medical device manufacturer or for a product security services organization providing consultative services to the manufacturer.
• Strong experience working with standards such as ISO 13485, ISO 14971, IEC 62304, NIST 800-30, NIST 800-53, AAMI TIR 57, UL 2900-2-1, IEC 62443.
• Strong understanding of the cybersecurity requirements of international regulations and guidance documents, including FDA Premarket Guidance for Cybersecurity of Medical Devices, MDR, IVDR, etc.
• Background in leveraging industry standard threat modeling and risk management frameworks.
• Background in penetration testing or leading pen testing engagements with third party organizations.
• Practical knowledge of Agile and agile-based methodologies
• Degree in computer science, software engineering, or cybersecurity

Keyskills - Must Have

• Security
• Cybersecurity Frameworks
• Good knowledge of 'Computer Networking' and 'Information Security'.Certified of 'Information Security and Ethical Hacking'
• Healthcare security
• Microsoft Security SDLC